Vulnerability Details CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.7%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2024-45191
-
cpe:2.3:a:matrix:olm:0.1.0
-
cpe:2.3:a:matrix:olm:1.0.0
-
cpe:2.3:a:matrix:olm:1.1.0
-
cpe:2.3:a:matrix:olm:1.2.0
-
cpe:2.3:a:matrix:olm:1.3.0
-
cpe:2.3:a:matrix:olm:2.0.0
-
cpe:2.3:a:matrix:olm:2.1.0
-
cpe:2.3:a:matrix:olm:2.2.0
-
cpe:2.3:a:matrix:olm:2.2.1
-
cpe:2.3:a:matrix:olm:2.2.2
-
cpe:2.3:a:matrix:olm:2.3.0
-
cpe:2.3:a:matrix:olm:3.0.0
-
cpe:2.3:a:matrix:olm:3.1.0
-
cpe:2.3:a:matrix:olm:3.1.1
-
cpe:2.3:a:matrix:olm:3.1.2
-
cpe:2.3:a:matrix:olm:3.1.3
-
cpe:2.3:a:matrix:olm:3.1.4
-
cpe:2.3:a:matrix:olm:3.1.5
-
cpe:2.3:a:matrix:olm:3.2.0
-
cpe:2.3:a:matrix:olm:3.2.1
-
cpe:2.3:a:matrix:olm:3.2.2
-
cpe:2.3:a:matrix:olm:3.2.3
-
cpe:2.3:a:matrix:olm:3.2.4
-
cpe:2.3:a:matrix:olm:3.2.5
-
cpe:2.3:a:matrix:olm:3.2.6
-
cpe:2.3:a:matrix:olm:3.2.7
-
cpe:2.3:a:matrix:olm:3.2.8